Conventional data communication networks include a host station or network manager that provides network control and is connected to a network of one or several node stations, which in turn concentrate and manage the traffic flowing to and from remote terminal stations. In principle, several terminal stations are attached to each node station, so as to form a sub-network which may be referred to as a cell.
The network more particularly considered in this invention may be defined as a wireless Local Area Network (LAN). Such a network, to be disclosed in detail in the following description, includes remote stations connected to individual nodes or base stations via radio links, with the base station(s) in turn connected to a host (or network) manager (herein also referred to as the wireless manager) via wired LAN circuitry.
But regardless of the network architecture, the data traffic must be protected, as such a system is exposed to increasing threats to the security of communications and operations involving end-users and network components; in the wireless case in particular, the radio link itself can be overheard by any receiver within range.
This problem has already received particular attention from the data communication industry. In fact, security is a must, and customers always include this feature among their requirements or network functional characteristics. Their concern is easily understood when bearing in mind that in such networks the flow of data carries very sensitive proprietary information relating to the customer's company operations, e.g., cash flows, prices, correspondence within the network, requests from their own customers, etc.
One essential function for achieving security in such a network is a mechanism to reliably authenticate the messages exchanged between communicating parties. This involves the establishment of a session key shared by those parties, and that key must itself be distributed securely.
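The following is an added illustration, not part of this disclosure, of what "authenticating the exchange of messages" with a session key amounts to once that key is in place. It assumes the session key has already been distributed by some secure means (the very problem addressed later), chooses HMAC-SHA256 as the message authentication code (the disclosure names none), and binds a direction label and a per-direction sequence number into each authenticated frame so that tampered, replayed and reflected frames are rejected without any clock synchronization between stations. The exchange and the key value are constructed for the example.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32  # HMAC-SHA256 output length
SEQ_LEN = 8   # 64-bit big-endian sequence number


def session_mac(session_key, direction, seq, payload):
    """MAC over direction label, sequence number and payload.

    The direction label (e.g. b"A2B") stops a frame sent A->B being
    replayed back as a B->A frame; the sequence number stops replay
    within one direction.  Assumed construction, not the disclosure's.
    """
    msg = direction + struct.pack(">Q", seq) + payload
    return hmac.new(session_key, msg, hashlib.sha256).digest()


class Sender:
    """Sending side of one direction of an authenticated session."""

    def __init__(self, session_key, direction):
        self.key, self.direction, self.seq = session_key, direction, 0

    def protect(self, payload):
        tag = session_mac(self.key, self.direction, self.seq, payload)
        frame = struct.pack(">Q", self.seq) + payload + tag
        self.seq += 1
        return frame


class Receiver:
    """Receiving side: verifies the MAC, then enforces monotonic sequence."""

    def __init__(self, session_key, direction):
        self.key, self.direction, self.expected = session_key, direction, 0

    def verify(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("frame too short")
        seq = struct.unpack(">Q", frame[:SEQ_LEN])[0]
        payload, tag = frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        # Check the MAC first so an attacker cannot probe the receiver's
        # counter state with forged frames; compare in constant time.
        if not hmac.compare_digest(tag, session_mac(self.key, self.direction, seq, payload)):
            raise ValueError("authentication failed")
        # Gaps are tolerated (frames may be lost on a radio link);
        # anything at or below the last accepted number is a replay.
        if seq < self.expected:
            raise ValueError("replayed frame")
        self.expected = seq + 1
        return payload


def _attempt(receiver, frame):
    try:
        receiver.verify(frame)
        return "accepted"
    except ValueError as exc:
        return str(exc)


def run_exchange(session_key=b"\x11" * 32):
    """Constructed exchange showing which frames the receiver accepts.

    The fixed session key stands in for one distributed by the wireless
    manager; it is an assumption of the example, not a real key.
    """
    sender = Sender(session_key, b"A2B")
    receiver = Receiver(session_key, b"A2B")
    outcomes = {}

    f1 = sender.protect(b"price list v2")
    outcomes["accepted"] = receiver.verify(f1)

    # Flip one bit of the payload: MAC no longer matches.
    tampered = f1[:SEQ_LEN] + bytes([f1[SEQ_LEN] ^ 0x01]) + f1[SEQ_LEN + 1:]
    outcomes["tampered"] = _attempt(receiver, tampered)

    # Replay the first frame verbatim: MAC valid, sequence number stale.
    outcomes["replayed"] = _attempt(receiver, f1)

    # Reflect the A->B frame at a B->A receiver: direction label differs.
    outcomes["reflected"] = _attempt(Receiver(session_key, b"B2A"), f1)

    # Frame built under a different session key.
    other = Sender(b"\x22" * 32, b"A2B").protect(b"price list v2")
    outcomes["wrong_key"] = _attempt(receiver, other)

    # The genuine sender's next frame is still accepted afterwards.
    outcomes["next"] = receiver.verify(sender.protect(b"ack"))
    return outcomes


if __name__ == "__main__":
    for name, result in run_exchange().items():
        print(f"{name}: {result!r}")
```

Note that none of this protects the session key itself: whoever obtains it can forge frames in both directions, which is why the disclosure concentrates on how that key reaches the stations in the first place.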
One such system has been described by S. P. Miller, B. C. Neuman, J. I. Schiller and J. H. Saltzer as the "Kerberos Authentication and Authorization System" of the M.I.T. Project Athena, Cambridge, Mass., December 1987. The proposed system requires a physically protected key server and clock synchronization among the stations. This is, however, troublesome and a heavy burden to carry when addressing private networks built for non-technical customers wishing to minimize their own involvement in the network build-up. Besides, it adds to the original cost of the network and therefore makes the proposed network installation less competitive. Other approaches rely on so-called public key cryptography operations, which are computationally expensive and imply the need to compute and store in a Key Distribution Center all the public key / private key pairs prior to the stations' initialization.
In some cases the public keys are delivered to every station attaching to the network by security personnel who carry them physically, which is both cumbersome and expensive.
Another approach requires each station to be initialized in a secure central location before being shipped to its destination. This is again an expensive process, especially if the customer has to do it.